Papered
Log In

Privacy Policy

Papered Inc.

Effective Date: January 13, 2026

Last Updated: January 13, 2026

1. Introduction

Papered Inc. ("Papered," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website at https://papered.com, our web application, and our mobile applications for iOS and Android (collectively, the "Platform").

This Policy is designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's Anti-Spam Legislation (CASL), and other applicable Canadian privacy laws.

By using the Platform, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with our practices, please do not use the Platform.

2. Our Privacy Commitment: PIPEDA's 10 Fair Information Principles

We are committed to protecting your privacy in accordance with the 10 Fair Information Principles set out in the Personal Information Protection and Electronic Documents Act (PIPEDA):

  1. Accountability: We are responsible for personal information under our control. Our Privacy Officer oversees compliance (see Section 15).
  2. Identifying Purposes: We identify the purposes for collecting personal information before or at the time of collection (see Section 4).
  3. Consent: We obtain meaningful consent for the collection, use, and disclosure of personal information (see Sections 3 and 4).
  4. Limiting Collection: We collect only the personal information necessary for identified purposes (see Section 3).
  5. Limiting Use, Disclosure, and Retention: We use and disclose personal information only for the purposes identified and retain it only as long as necessary (see Sections 4, 6, and 8).
  6. Accuracy: We keep personal information accurate, complete, and up-to-date as necessary (see Section 9.2).
  7. Safeguards: We protect personal information with appropriate security measures (see Section 7).
  8. Openness: We make our privacy policies and practices readily available (this Policy).
  9. Individual Access: We provide individuals access to their personal information upon request (see Section 9).
  10. Challenging Compliance: Individuals may challenge our compliance and we will investigate and respond (see Section 15).

3. Definitions

Personal Information means any information about an identifiable individual. This includes information that can be used on its own or combined with other information to identify, contact, or locate a person. Personal information does not include business contact information used solely for business purposes or anonymized/aggregated data that cannot identify an individual.

Sensitive Personal Information includes financial information, government-issued identification numbers, and any information that requires heightened protection under applicable law.

4. Information We Collect

4.1 Information You Provide Directly

When you register for an account, subscribe to our services, or otherwise interact with the Platform, we may collect:

Account Information:

  • Full name
  • Email address
  • Phone number
  • Mailing address
  • Password (stored in encrypted form)

Professional Information:

  • Real estate license number
  • Brokerage name and affiliation
  • Professional role or title

Transaction Information:

  • Details of real estate transactions you manage through the Platform
  • Names and contact information of parties involved in transactions (buyers, sellers, co-buyers, guarantors)
  • Property details and transaction terms
  • Documents you create, upload, or sign

Payment Information:

  • Billing address
  • Payment card details (processed securely through our payment processor; we do not store full card numbers)

Communications:

  • Correspondence you send to us via email or support channels
  • Feedback and survey responses

4.2 Information Collected Through Email Integration

If you choose to connect your email account (e.g., Gmail, Outlook) to the Platform, you explicitly authorize us to access specific information to facilitate real estate transaction management.

Purpose: To identify, extract, and organize documents and communications relevant to your real estate transactions.

Scope of Data Collected:

  • Email metadata (sender, recipient, subject line, date)
  • Email content and attachments related to real estate transactions

How We Process This Data:

  • We use Nylas, a third-party service provider, to securely connect to your email provider
  • We use AI technology (Google Gemini) to parse and extract relevant transaction information
  • Our technology is designed to identify and process only transaction-related content
  • We implement technical measures to minimize processing of personal emails unrelated to our services

Important: We do not use information from your email for advertising purposes.

Google API Services Compliance: Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4.3 Information Collected Automatically

When you access the Platform, we automatically collect certain technical and usage information:

Technical Information:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Time zone setting
  • Unique device identifiers

Usage Information:

  • Pages and features you access
  • Time spent on pages
  • Clickstream data (how you navigate through the Platform)
  • Referring URLs
  • Error logs and performance data

4.4 Information from Third Parties

We may receive information about you from:

  • Your brokerage, if they manage your account
  • Electronic signature service providers when you sign documents
  • Payment processors regarding your payment transactions
  • Identity verification services, if applicable

5. How We Use Your Information

We use your personal information for the following purposes:

5.1 Providing Our Services

  • Creating and managing your account
  • Processing your subscription and payments
  • Enabling you to complete and manage OREA standard forms
  • Facilitating electronic signatures on documents
  • Parsing email content to extract transaction-related information
  • Providing customer support

5.2 Improving Our Services

  • Analyzing usage patterns to enhance Platform features
  • Conducting research and development
  • Testing new features and functionality
  • Identifying and fixing technical issues

5.3 Communications

  • Sending transactional emails (account confirmations, password resets, transaction notifications)
  • Providing customer support responses
  • Sending service updates and important notices about the Platform
  • Marketing communications (only with your express consent)

5.4 Security and Compliance

  • Detecting, preventing, and addressing fraud, security breaches, or technical issues
  • Enforcing our Terms of Service
  • Complying with legal obligations
  • Responding to legal requests and protecting our rights

5.5 Legal Basis for Processing

We process your personal information based on:

  • Consent: Where you have provided explicit consent (e.g., marketing communications, email integration)
  • Contract: Where processing is necessary to fulfill our agreement with you
  • Legal Obligation: Where required by law
  • Legitimate Interests: For purposes such as improving our services, provided these interests do not override your privacy rights

6. Cookies and Tracking Technologies

6.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. We use cookies and similar technologies to operate and improve the Platform.

6.2 Types of Cookies We Use

Essential Cookies: Required for the Platform to function. These enable core features like secure login and session management. You cannot opt out of essential cookies while using the Platform.

Functional Cookies: Remember your preferences and settings to provide a personalized experience. For example, remembering your language preference or display settings.

Analytics Cookies: Help us understand how users interact with the Platform. We use this information to improve features and user experience. These cookies collect aggregated, anonymous data.

6.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

  • View what cookies are stored on your device
  • Delete cookies individually or in bulk
  • Block all cookies or only third-party cookies
  • Set preferences for specific websites

Please note that blocking certain cookies may affect the functionality of the Platform.

6.4 Third-Party Cookies

Some third-party services we use may place their own cookies on your device. We do not control these cookies. Please review the privacy policies of these third parties for more information.

7. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

7.1 Service Providers

We share information with third-party service providers who assist us in operating the Platform:

ProviderPurposeData Shared
Amazon Web Services (AWS)Cloud hosting and infrastructureAll Platform data
NylasEmail integration servicesEmail metadata, content, and attachments
Google GeminiAI-powered document parsingEmail content and transaction documents
DocuSignElectronic signaturesTransaction documents, signer names and emails
Payment ProcessorPayment processingBilling information

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

7.2 Transaction Participants

When you use the Platform for real estate transactions, certain information is shared with other parties involved:

  • Co-agents and brokerages participating in the transaction
  • Clients who need to review or sign documents
  • Other authorized parties as necessary to complete the transaction

7.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Court orders, subpoenas, or other legal processes
  • Government or regulatory requests
  • Investigations into potential violations of our Terms of Service
  • Protection of our rights, property, or safety, or that of our users or the public

7.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and your choices regarding your information.

7.5 With Your Consent

We may share your information for other purposes with your explicit consent.

7.6 Aggregated and Anonymized Data

We may share aggregated or anonymized data that cannot identify you for research, analytics, or marketing purposes.

8. Data Storage and Security

8.1 Where We Store Your Data

All personal information is stored on secure servers located in Canada through our cloud infrastructure provider (AWS Canada regions). By using the Platform, you consent to the storage of your data in Canada.

8.2 International Transfers

Some of our service providers may process data in the United States or other jurisdictions. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Contractual obligations requiring recipients to protect data
  • Compliance with applicable data transfer laws

You acknowledge that data transferred internationally may be subject to the laws of foreign jurisdictions, which may differ from Canadian law.

8.3 Security Measures

We implement comprehensive security measures to protect your information:

Technical Safeguards:

  • TLS/SSL encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Firewalls and intrusion detection systems
  • Regular security audits and penetration testing
  • Automated vulnerability scanning

Administrative Safeguards:

  • Role-based access controls
  • Multi-factor authentication for administrative access
  • Employee security training
  • Strict access policies limiting who can access personal data

Physical Safeguards:

  • Secure data center facilities (AWS)
  • Environmental controls and monitoring

8.4 Data Backup

We perform regular backups to protect against data loss:

  • Daily incremental backups
  • Weekly full backups
  • All backups are encrypted in transit and at rest
  • Backups are stored in Canada
  • Regular testing of backup restoration processes

8.5 Your Role in Security

You are responsible for:

  • Maintaining the confidentiality of your login credentials
  • Using strong, unique passwords
  • Logging out of shared devices
  • Reporting any suspected security incidents to support@papered.com

9. Data Retention

9.1 Retention Periods

We retain personal information only as long as necessary for the purposes described in this Policy, unless a longer retention period is required by law.

General Guidelines:

Data TypeRetention Period
Account informationDuration of account plus 2 years
Transaction records7 years after transaction completion
Payment records7 years (tax and financial regulations)
Communication records3 years
Usage logs2 years
Backup data90 days (rolling)

9.2 Determining Retention

We consider the following factors when determining retention periods:

  • Legal and regulatory requirements (e.g., RECO record-keeping, tax laws)
  • Statute of limitations for potential legal claims
  • Business necessity
  • Your preferences and consent

9.3 Data Deletion

When personal information is no longer needed, we securely delete or anonymize it. Anonymized data may be retained indefinitely for analytics and research purposes.

10. Your Privacy Rights

Under Canadian privacy law, you have the following rights regarding your personal information:

10.1 Right to Access

You may request access to the personal information we hold about you. We will provide this information within 30 days of receiving your request, subject to certain exceptions permitted by law.

10.2 Right to Correction

You may request that we correct inaccurate or incomplete personal information. You can update much of your information directly through your account settings.

10.3 Right to Withdraw Consent

Where we process your information based on consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing before the withdrawal.

To withdraw consent:

  • For marketing communications: Click "unsubscribe" in any marketing email or update your preferences in account settings
  • For email integration: Disconnect your email account through account settings
  • For other consents: Contact us at support@papered.com

Please note that withdrawing consent may affect your ability to use certain features of the Platform.

10.4 Right to Deletion

You may request deletion of your personal information in certain circumstances. We may retain some information as required by law or for legitimate business purposes.

10.5 How to Exercise Your Rights

To exercise any of these rights, contact us at:

  • Email: support@papered.com
  • Mail: Privacy Officer, Papered Inc., 10 Lower Spadina Ave, Suite 500, Toronto, ON M5V 2R2

We may ask you to verify your identity before fulfilling your request. We will respond within 30 days.

10.6 Limitations

We may deny requests in certain circumstances, including where:

  • The request would violate another person's privacy
  • The information is protected by legal privilege
  • Disclosure would reveal confidential commercial information
  • The request is frivolous or vexatious

If we deny your request, we will explain the reasons, subject to legal restrictions.

11. Data Breach Response

11.1 Our Commitment

In the event of a breach of security safeguards involving your personal information, we have procedures in place to respond promptly and effectively.

11.2 Notification

If a breach creates a real risk of significant harm to you, we will:

  • Notify you as soon as feasible, describing the breach and its potential impact
  • Report the breach to the Office of the Privacy Commissioner of Canada
  • Take steps to mitigate the harm

11.3 Breach Records

We maintain records of all security breaches as required by PIPEDA, regardless of whether they posed a real risk of significant harm.

12. Marketing Communications and CASL Compliance

This section describes our compliance with Canada's Anti-Spam Legislation (CASL) and how we handle commercial electronic messages.

12.1 Consent Required

We will only send you commercial electronic messages ("CEMs") if you have provided express consent (opt-in). CEMs include:

  • Product announcements and updates
  • Promotional offers
  • Newsletters
  • Industry news and insights

We maintain records of all consents, including when and how consent was obtained.

12.2 Implied Consent

In certain circumstances, CASL permits us to send CEMs based on implied consent, such as:

  • An existing business relationship (e.g., you have subscribed to our services within the past two years)
  • An existing non-business relationship (e.g., you made a donation or inquiry within the past six months)
  • Your business contact information was conspicuously published and not accompanied by a statement that you do not wish to receive CEMs

Implied consent is time-limited and expires in accordance with CASL requirements.

12.3 Sender Identification

All commercial electronic messages we send will clearly identify:

  • Papered Inc. as the sender
  • Our contact information:
    • Mailing Address: 10 Lower Spadina Ave, Suite 500, Toronto, ON M5V 2R2, Canada
    • Email: support@papered.com
    • Phone: 819-918-2994

12.4 Transactional Communications

We may send you transactional or service-related communications without additional consent. These are not considered CEMs under CASL and include:

  • Account confirmations and notifications
  • Password resets
  • Subscription and billing information
  • Security alerts
  • Changes to our Terms of Service or Privacy Policy
  • Transaction status updates directly related to your use of the Platform

12.5 Opting Out (Unsubscribe)

You may opt out of commercial electronic messages at any time by:

  • Clicking "unsubscribe" in any marketing email
  • Updating your communication preferences in account settings
  • Contacting us at support@papered.com

CASL Compliance: We will process your unsubscribe request within 10 business days. All marketing emails include a functional unsubscribe mechanism that will remain active for at least 60 days after the message is sent.

Opting out of marketing does not affect transactional communications.

13. Children's Privacy

The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13 without parental consent, we will delete that information promptly.

If you believe we have collected information from a child under 13, please contact us at support@papered.com.

14. Third-Party Links and Services

The Platform may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services before providing your information.

We are not responsible for the privacy practices or content of third-party sites.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

15.1 How We Notify You

We will notify you of material changes by:

  • Posting the updated Policy on our website with a new "Last Updated" date
  • Sending an email to your registered email address
  • Displaying a notice within the Platform

15.2 Your Responsibility

You are responsible for reviewing this Policy periodically and ensuring we have your current email address.

15.3 Continued Use

Your continued use of the Platform after changes take effect constitutes acceptance of the updated Privacy Policy.

16. Contact Us

If you have questions about this Privacy Policy, our privacy practices, or wish to exercise your privacy rights, please contact our Privacy Officer:

Privacy Officer
Papered Inc.
10 Lower Spadina Ave, Suite 500
Toronto, ON M5V 2R2
Canada

Email: support@papered.com
Phone: 819-918-2994

Complaints

If you have concerns about how we handle your personal information, please contact us first. We will investigate and respond to your complaint.

If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada:

Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3

Toll-free: 1-800-282-1376
Website: www.priv.gc.ca

17. Additional Information for Specific Features

17.1 Electronic Signatures

When you use our electronic signature feature, we collect:

  • Signer name and email address
  • IP address at time of signature
  • Timestamp of signature
  • Device and browser information

This information is used to create an audit trail and verify the authenticity of signatures.

17.2 Email Parsing

When you connect your email account:

  • We access only emails and attachments relevant to real estate transactions
  • Our AI systems analyze content to extract transaction details
  • We do not read or store personal emails unrelated to transactions
  • You can disconnect your email at any time through account settings

17.3 Document Storage

Documents you create or sign through the Platform are:

  • Encrypted at rest and in transit
  • Accessible only to authorized parties
  • Retained according to our data retention policy
  • Available for download to your personal records

This Privacy Policy was last updated on January 13, 2026. If you have any questions, please contact us at support@papered.com.